[Pkg-freeipa-devel] freeipa 4.1

Timo Aaltonen tjaalton at debian.org
Sat Nov 7 07:13:42 UTC 2015

On 07.11.2015 03:49, Robert McQueen wrote:
> Hi Timo,
> Thanks for all your work on FreeIPA in Debian! If you have a moment your
> thoughts on a couple of quick questions would be appreciated...

No worries, cc'ing the list so that the status is known to others too.

> Is 4.1 in experimental due to the ongoing SSL transition or something I
> should be more worried about? Any reasons not to just use the latest?
> I'm planning on doing a local backport to jessie but don't want to grab
> 4.1 if it's going to cause me issues.

Nah, it's just lack of testing on my part, haven't tried to upgrade my
setup yet.. and 4.2.x is waiting in git but needs to update the
dnssec-disabling patches since we still don't have BIND 9.10.x in Debian
(and won't have anytime soon, since it's pretty much orphaned).

Upstream master (-> 4.3) will finally allow replicating with GSSAPI, and
has merged some of our distro patches. Could be that I'll skip 4.2 and
jump straight to 4.3 when it's available.

Anyway, feel free to test 4.1, and if it works just use it :)

> And just to confirm - as I'm planning a single server setup initially,
> do I need to worry about the GNUTLS/NSS libldap thing at all?

No, since you don't need to replicate. And when 4.3 is packaged you
should be able to upgrade and replicate then.


More information about the Pkg-freeipa-devel mailing list